Node.js Security 🚀 and Best Practices 👨‍💻

Compromised Database

  1. Strongly protect passwords and password reset tokens by storing only salted hashes of them

Brute Force Attacks

  1. Use bcrypt so that each login check is deliberately slow
  2. Implement rate limiting with express-rate-limit
  3. Implement a maximum number of login attempts per account

Cross Site Scripting (XSS) Attacks

  1. Store the JWT in an HttpOnly cookie
  2. Sanitize user input data
  3. Set security-related HTTP headers (helmet package)
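The three XSS defences above as plain functions, an added example that is not code from the original post or from helmet. `escapeHtml` and `renderProfile` show output encoding for a server-rendered page; `buildJwtCookie` builds the `Set-Cookie` value with the `HttpOnly` flag so script running in the page cannot read the token; `securityHeaders` lists a few of the headers helmet sets, with values chosen for this example rather than copied from helmet's defaults. The middleware only needs an object with `setHeader`, so no Express install is assumed.

```javascript
// escapeHtml: neutralise the characters that let untrusted text break out of an
// HTML text node or a quoted attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// renderProfile: a template that escapes every untrusted value before interpolating it.
function renderProfile(user) {
  return `<h1>${escapeHtml(user.name)}</h1><p>${escapeHtml(user.bio)}</p>`;
}

// buildJwtCookie: Set-Cookie header value for the token. HttpOnly keeps it out of
// document.cookie; Secure and SameSite limit where the browser will send it.
function buildJwtCookie(token, { maxAgeSeconds, secure = true } = {}) {
  const parts = [`jwt=${encodeURIComponent(token)}`, "HttpOnly", "SameSite=Strict", "Path=/"];
  if (secure) parts.push("Secure");
  if (maxAgeSeconds !== undefined) parts.push(`Max-Age=${maxAgeSeconds}`);
  return parts.join("; ");
}

// securityHeaders: a subset of what helmet configures; values are this example's
// choices (a strict CSP is the one that most directly limits injected script).
function securityHeaders() {
  return {
    "Content-Security-Policy": "default-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
  };
}

// Express-style middleware: works with any response object exposing setHeader().
function securityHeaderMiddleware(req, res, next) {
  for (const [name, value] of Object.entries(securityHeaders())) res.setHeader(name, value);
  next();
}
```

With Express the same wiring is `app.use(helmet())` for the headers and `res.cookie("jwt", token, { httpOnly: true, secure: true, sameSite: "strict" })` for the cookie; the functions above make explicit what those calls send.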

Denial of Service (DoS) Attack

  1. Implement rate limiting (express-rate-limit)
  2. Limit the body payload size

const express = require("express");
const app = express();

/*
 * Restrict the request body to 10mb or less; express.json() and
 * express.urlencoded() answer larger payloads with 413 Payload Too Large
 * instead of buffering them in memory.
 */
app.use(express.json({ limit: "10mb" }));
app.use(express.urlencoded({ extended: true, limit: "10mb" }));

NoSQL Query Injection 💉

  1. Use mongoose for MongoDB (its schema types validate what each field may contain)
  2. Sanitize user input data
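Both items above in code, as an added example that is not from the original post or from mongoose. A mongoose schema casts document fields to their declared types, but a query filter built straight from `req.body` still reaches the driver with whatever keys it carries, so the sanitising step is needed before the query (mongoose also offers a `sanitizeFilter` option for this). `sanitizeMongoInput` strips or rejects keys that begin with `$` or contain `.`, which are the shapes that turn user data into operators or nested paths, and `requireString` is the schema-style type check: a login field must be a string, so any object, operator or not, is refused. The function names and the `onViolation` option are this example's own.

```javascript
// sanitizeMongoInput: walk the value and drop (or reject) keys that MongoDB
// would interpret as operators ("$...") or field paths ("a.b").
function sanitizeMongoInput(value, { onViolation = "strip" } = {}) {
  if (Array.isArray(value)) {
    return value.map((v) => sanitizeMongoInput(v, { onViolation }));
  }
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      if (key.startsWith("$") || key.includes(".")) {
        if (onViolation === "throw") throw new Error(`Rejected key "${key}"`);
        continue; // strip the offending key and everything under it
      }
      out[key] = sanitizeMongoInput(v, { onViolation });
    }
    return out;
  }
  return value; // strings, numbers, booleans, null pass through untouched
}

// requireString: the type check a String schema field gives you for documents,
// applied here to query input. Objects of any shape are refused.
function requireString(field, value) {
  if (typeof value !== "string") throw new TypeError(`${field} must be a string`);
  return value;
}

// parseLoginBody: sanitize first, then type-check the two fields a login uses.
// Returns the filter to pass to the collection and the password to compare
// against the stored hash (never a password equality in the query itself).
function parseLoginBody(body) {
  const clean = sanitizeMongoInput(body);
  return {
    filter: { email: requireString("email", clean.email) },
    password: requireString("password", clean.password),
  };
}
```

The order matters: sanitising alone would turn an operator object into an empty object, which a loose query would still accept, while the type check alone leaves nested operators in place for any field that is not checked. Running both gives a filter that can only ever contain the literal string the client sent.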

Some Other Best Practices and Suggestions

  1. Always use HTTPS to encrypt requests and responses.
  2. Create random password 🔑 reset tokens with expiry dates
  3. Deny access with a JWT issued before the password was changed
  4. Don't commit sensitive config data to git
  5. Don't send error details to the client
  6. Prevent cross-site request forgery:

Saikiran Rudra

I am a self-taught Full-Stack Developer, UI Designer, and Linux enthusiast, passionate about solving problems.